Diffstat (limited to 'client')
-rwxr-xr-x | client/client.py | 32 |
1 files changed, 24 insertions, 8 deletions
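--- a/client/client.py
+++ b/client/client.py
@@ -1,6 +1,7 @@
 #!/usr/bin/env python3
 
 import socket
+import ssl
 import time
 import argparse
 import sys
@@ -25,6 +26,8 @@ def parse_arguments():
 parser.add_argument("--config",type=str,help="Path to config file",\
 default="/etc/mfa/mfa.conf")
 parser.add_argument("--key",type=str,help="Client connection key")
+parser.add_argument("--insecure",action="store_true",\
+help="Accept invalid TLS certificates")
 return parser.parse_args()
 
 def prompt_user(prompt):
@@ -34,7 +37,7 @@ def prompt_user(prompt):
 return result
 
 
-def init_connection(mfa_server, client_port, client_key):
+def init_connection(mfa_server, client_port, client_key, insecure=False):
 # Attempts to connect to MFA server with provided address,port, and key.
 # Repeats attempt once a seconds until timeout is reached.
 # Returns socket or None if unable to connect
@@ -42,9 +45,16 @@ def init_connection(mfa_server, client_port, client_key):
 timeout = 0
 timeout_length = 5
 sleep_length = 1
+context = ssl.create_default_context()
+if insecure:
+context.check_hostname = False
+context.verify_mode = 0
 while connection == None and timeout < timeout_length:
 try:
-connection = socket.create_connection((mfa_server,client_port))
+#connection = socket.create_connection((mfa_server,client_port))
+connection = context.wrap_socket(socket.socket(socket.AF_INET),
+server_hostname=mfa_server)
+connection.connect((mfa_server,int(client_port)))
 connection.send(client_key.encode(FORMAT))
 response = connection.recv(ACK_LENGTH).decode(FORMAT)
 if response == ACK_MESSAGE:
@@ -55,6 +65,8 @@ def init_connection(mfa_server, client_port, client_key):
 except ConnectionError:
 time.sleep(sleep_length)
 timeout += sleep_length
+except ssl.SSLCertVerificationError:
+die("error: server presented invalid certificate")
 return connection
 
 
@@ -72,27 +84,31 @@ def get_vars(args,confparser):
 server = None
 port = None
 key = None
+insecure = None
 
 # Set values from config file first
 if confparser.has_section("client"):
 server = confparser.get("client","server",fallback=None)
 port = confparser.get("client","port",fallback=None)
 key = confparser.get("client","key",fallback=None)
+insecure = bool(confparser.get("client","insecure",fallback=False))
 
 # Let command line args overwrite any values
-if args.server:
+if args.server != None:
 server = args.server
-if args.port:
+if args.port != None:
 port = args.port
-if args.key:
+if args.key != None:
 key = args.key
+if args.insecure:
+insecure = args.insecure
 
 # Exit if any value is null
 if None in [server,port,key]:
 print("error: one or more items unspecified")
 sys.exit(1)
 
-return server,port,key
+return server,port,key,insecure
 
 
 def main():
@@ -100,7 +116,7 @@ def main():
 args = parse_arguments()
 confparser = read_config(args.config)
 
-mfa_server,client_port,client_key = get_vars(args,confparser)
+mfa_server,client_port,client_key,insecure = get_vars(args,confparser)
 
 # Exit if invalid key is provided
 if len(client_key) != KEY_LENGTH:
@@ -108,7 +124,7 @@ def main():
 sys.exit(1)
 
 # Open connection to server
-conn = init_connection(mfa_server,client_port,client_key)
+conn = init_connection(mfa_server,client_port,client_key,insecure)
 if conn == None:
 print("timed out attempting to connect to server")
 sys.exit(1)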
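Review bot: The retry loop in init_connection (hunk `@@ -42,9 +45,16 @@`) no longer retries: `connection` is bound by `context.wrap_socket(...)` before `connect()` runs, so a refused connection is caught by the `except ConnectionError` in the following hunk with `connection` already non-None, the `while connection == None` test ends the loop and the function returns an unconnected TLS socket that main's `conn == None` check accepts (unless old lines 51-54, not shown, reset it). The replaced `socket.create_connection` only assigned on success; keep that property by binding to a local first, `sock = context.wrap_socket(socket.socket(socket.AF_INET), server_hostname=mfa_server)` / `sock.connect((mfa_server,int(client_port)))` / `connection = sock`, and delete the commented-out `#connection = ...` line rather than leaving it in. Note that `socket.AF_INET` also drops the address-family resolution `create_connection` did, so an IPv6-only server name will presumably no longer connect. In get_vars, `bool(confparser.get("client","insecure",fallback=False))` is true for any non-empty string, so `insecure = false` or `insecure = no` in the config still disables certificate verification; use `insecure = confparser.getboolean("client","insecure",fallback=False)`. Finally, `context.verify_mode = 0` reads better as `context.verify_mode = ssl.CERT_NONE`, which names the intent.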